* [PATCH 0/1] quagga: add pam support for vtysh
@ 2013-11-08 4:32 Hongxu Jia
2013-11-08 4:32 ` [PATCH 1/1] " Hongxu Jia
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Hongxu Jia @ 2013-11-08 4:32 UTC (permalink / raw)
To: openembedded-devel
Test Case:
1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with
quagga.
2. On target:
1) cat /etc/pam.d/guagga
#
# The PAM configuration file for the quagga `vtysh' service
#
# This allows root to change user infomation without being
# prompted for a password
auth sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
auth include common-auth
2) add option debug to pam_rootok.so
auth sufficient pam_rootok.so debug
3) pam_rootok.so
run command vtysh as root, enter qemu0#:
root@qemu0:~# vtysh
Hello, this is Quagga (version 0.99.21).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
qemu0#
log info in /var/log/message(or /var/log/auth.log) shows pam_rootok.so return success:
2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded
4) pam_unix.so
the content of common-auth are shown at section "Common configure files"
comment the configure file quagga pam_rootok.so line, because it will make pam return success:
#auth sufficient pam_rootok.so
and modify the pam_unix.so line in common-auth to remove nullok_secure:
auth [success=1 default=ignore] pam_unix.so debug
5) run commands with invalid password:
root@qemu0:~# vtysh
Password:
root@qemu0:~#
log in /var/log/message(or /var/log/auth.log):
2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost= user=root
//Hongxu
The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010:
dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam
Hongxu Jia (1):
quagga: add pam support for vtysh
meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
meta-networking/recipes-protocols/quagga/quagga.inc | 13 ++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam
--
1.8.1.2
^ permalink raw reply [flat|nested] 6+ messages in thread* [PATCH 1/1] quagga: add pam support for vtysh 2013-11-08 4:32 [PATCH 0/1] quagga: add pam support for vtysh Hongxu Jia @ 2013-11-08 4:32 ` Hongxu Jia 2013-11-08 5:08 ` Rongqing Li 2013-11-08 8:34 ` [PATCH 0/1] " Hongxu Jia 2013-11-26 16:23 ` Joe MacDonald 2 siblings, 1 reply; 6+ messages in thread From: Hongxu Jia @ 2013-11-08 4:32 UTC (permalink / raw) To: openembedded-devel According to DISTRO_FEATURES to add pam support for quagga, and import configure file from Fedora. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++ meta-networking/recipes-protocols/quagga/quagga.inc | 13 ++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam diff --git a/meta-networking/recipes-protocols/quagga/files/quagga.pam b/meta-networking/recipes-protocols/quagga/files/quagga.pam new file mode 100644 index 0000000..3541a97 --- /dev/null +++ b/meta-networking/recipes-protocols/quagga/files/quagga.pam @@ -0,0 +1,13 @@ +# +# The PAM configuration file for the quagga `vtysh' service +# + +# This allows root to change user infomation without being +# prompted for a password +auth sufficient pam_rootok.so + +# The standard Unix authentication modules, used with +# NIS (man nsswitch) as well as normal /etc/passwd and +# /etc/shadow entries. +auth include common-auth + diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc index 2106c9b..52cd7a3 100644 --- a/meta-networking/recipes-protocols/quagga/quagga.inc +++ b/meta-networking/recipes-protocols/quagga/quagga.inc @@ -32,10 +32,12 @@ SRC_URI = "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagg file://watchquagga.init \ file://watchquagga.default \ file://volatiles.03_quagga \ + file://file://quagga.pam \ file://ripd-fix-two-bugs-after-received-SIGHUP.patch" -PACKAGECONFIG ??= "" +PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" PACKAGECONFIG[cap] = "--enable-capabilities,--disable-capabilities,libcap" +PACKAGECONFIG[pam] = "--with-libpam, --without-libpam, libpam" inherit autotools update-rc.d useradd @@ -98,6 +100,15 @@ do_install () { # Remove generated info dir file, it doesn't belong in the generated # package. rm -f ${D}${infodir}/dir + + # For PAM + for feature in ${DISTRO_FEATURES}; do + if [ "$feature" = "pam" ]; then + install -D -m 644 ${WORKDIR}/quagga.pam ${D}/${sysconfdir}/pam.d/quagga + break + fi + done + } # Split into a main package and separate per-protocol packages -- 1.8.1.2 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/1] quagga: add pam support for vtysh 2013-11-08 4:32 ` [PATCH 1/1] " Hongxu Jia @ 2013-11-08 5:08 ` Rongqing Li 2013-11-08 8:30 ` Hongxu Jia 0 siblings, 1 reply; 6+ messages in thread From: Rongqing Li @ 2013-11-08 5:08 UTC (permalink / raw) To: openembedded-devel On 11/08/2013 12:32 PM, Hongxu Jia wrote: > According to DISTRO_FEATURES to add pam support for quagga, and import > configure file from Fedora. > > Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> > --- > meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++ > meta-networking/recipes-protocols/quagga/quagga.inc | 13 ++++++++++++- > 2 files changed, 25 insertions(+), 1 deletion(-) > create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam > > diff --git a/meta-networking/recipes-protocols/quagga/files/quagga.pam b/meta-networking/recipes-protocols/quagga/files/quagga.pam > new file mode 100644 > index 0000000..3541a97 > --- /dev/null > +++ b/meta-networking/recipes-protocols/quagga/files/quagga.pam > @@ -0,0 +1,13 @@ > +# > +# The PAM configuration file for the quagga `vtysh' service > +# > + > +# This allows root to change user infomation without being > +# prompted for a password > +auth sufficient pam_rootok.so > + > +# The standard Unix authentication modules, used with > +# NIS (man nsswitch) as well as normal /etc/passwd and > +# /etc/shadow entries. > +auth include common-auth > + > diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc > index 2106c9b..52cd7a3 100644 > --- a/meta-networking/recipes-protocols/quagga/quagga.inc > +++ b/meta-networking/recipes-protocols/quagga/quagga.inc > @@ -32,10 +32,12 @@ SRC_URI = "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagg > file://watchquagga.init \ > file://watchquagga.default \ > file://volatiles.03_quagga \ > + file://file://quagga.pam \ Why is there be two file://? > file://ripd-fix-two-bugs-after-received-SIGHUP.patch" > > -PACKAGECONFIG ??= "" > +PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" > PACKAGECONFIG[cap] = "--enable-capabilities,--disable-capabilities,libcap" > +PACKAGECONFIG[pam] = "--with-libpam, --without-libpam, libpam" > > inherit autotools update-rc.d useradd > > @@ -98,6 +100,15 @@ do_install () { > # Remove generated info dir file, it doesn't belong in the generated > # package. > rm -f ${D}${infodir}/dir > + > + # For PAM > + for feature in ${DISTRO_FEATURES}; do > + if [ "$feature" = "pam" ]; then > + install -D -m 644 ${WORKDIR}/quagga.pam ${D}/${sysconfdir}/pam.d/quagga > + break > + fi > + done > + Could you use the below method to simply this loop if ${@base_contains('DISTRO_FEATURES','sysvinit','false','true',d)};then if -Roy > } > > # Split into a main package and separate per-protocol packages > -- Best Reagrds, Roy | RongQing Li ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/1] quagga: add pam support for vtysh 2013-11-08 5:08 ` Rongqing Li @ 2013-11-08 8:30 ` Hongxu Jia 0 siblings, 0 replies; 6+ messages in thread From: Hongxu Jia @ 2013-11-08 8:30 UTC (permalink / raw) To: Rongqing Li, openembedded-devel On 11/08/2013 01:08 PM, Rongqing Li wrote: > > > On 11/08/2013 12:32 PM, Hongxu Jia wrote: >> According to DISTRO_FEATURES to add pam support for quagga, and import >> configure file from Fedora. >> >> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> >> --- >> meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 >> +++++++++++++ >> meta-networking/recipes-protocols/quagga/quagga.inc | 13 >> ++++++++++++- >> 2 files changed, 25 insertions(+), 1 deletion(-) >> create mode 100644 >> meta-networking/recipes-protocols/quagga/files/quagga.pam >> >> diff --git >> a/meta-networking/recipes-protocols/quagga/files/quagga.pam >> b/meta-networking/recipes-protocols/quagga/files/quagga.pam >> new file mode 100644 >> index 0000000..3541a97 >> --- /dev/null >> +++ b/meta-networking/recipes-protocols/quagga/files/quagga.pam >> @@ -0,0 +1,13 @@ >> +# >> +# The PAM configuration file for the quagga `vtysh' service >> +# >> + >> +# This allows root to change user infomation without being >> +# prompted for a password >> +auth sufficient pam_rootok.so >> + >> +# The standard Unix authentication modules, used with >> +# NIS (man nsswitch) as well as normal /etc/passwd and >> +# /etc/shadow entries. >> +auth include common-auth >> + >> diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc >> b/meta-networking/recipes-protocols/quagga/quagga.inc >> index 2106c9b..52cd7a3 100644 >> --- a/meta-networking/recipes-protocols/quagga/quagga.inc >> +++ b/meta-networking/recipes-protocols/quagga/quagga.inc >> @@ -32,10 +32,12 @@ SRC_URI = >> "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagg >> file://watchquagga.init \ >> file://watchquagga.default \ >> file://volatiles.03_quagga \ >> + file://file://quagga.pam \ > > Why is there be two file://? > Oh, sorry for the typo, I have updated the git to correct this. git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam Thanks, Hongxu >> file://ripd-fix-two-bugs-after-received-SIGHUP.patch" >> >> -PACKAGECONFIG ??= "" >> +PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', >> '', d)}" >> PACKAGECONFIG[cap] = >> "--enable-capabilities,--disable-capabilities,libcap" >> +PACKAGECONFIG[pam] = "--with-libpam, --without-libpam, libpam" >> >> inherit autotools update-rc.d useradd >> >> @@ -98,6 +100,15 @@ do_install () { >> # Remove generated info dir file, it doesn't belong in the >> generated >> # package. >> rm -f ${D}${infodir}/dir >> + >> + # For PAM >> + for feature in ${DISTRO_FEATURES}; do >> + if [ "$feature" = "pam" ]; then >> + install -D -m 644 ${WORKDIR}/quagga.pam >> ${D}/${sysconfdir}/pam.d/quagga >> + break >> + fi >> + done >> + > > > Could you use the below method to simply this loop > > if > ${@base_contains('DISTRO_FEATURES','sysvinit','false','true',d)};then > if > > -Roy > >> } >> >> # Split into a main package and separate per-protocol packages >> > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 0/1] quagga: add pam support for vtysh 2013-11-08 4:32 [PATCH 0/1] quagga: add pam support for vtysh Hongxu Jia 2013-11-08 4:32 ` [PATCH 1/1] " Hongxu Jia @ 2013-11-08 8:34 ` Hongxu Jia 2013-11-26 16:23 ` Joe MacDonald 2 siblings, 0 replies; 6+ messages in thread From: Hongxu Jia @ 2013-11-08 8:34 UTC (permalink / raw) To: openembedded-devel On 11/08/2013 12:32 PM, Hongxu Jia wrote: > Test Case: > 1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with > quagga. > > 2. On target: > 1) cat /etc/pam.d/guagga s/guagga/quagga/ //Hongxu > # > # The PAM configuration file for the quagga `vtysh' service > # > > # This allows root to change user infomation without being > # prompted for a password > auth sufficient pam_rootok.so > > # The standard Unix authentication modules, used with > # NIS (man nsswitch) as well as normal /etc/passwd and > # /etc/shadow entries. > auth include common-auth > > 2) add option debug to pam_rootok.so > auth sufficient pam_rootok.so debug > > 3) pam_rootok.so > run command vtysh as root, enter qemu0#: > root@qemu0:~# vtysh > > Hello, this is Quagga (version 0.99.21). > Copyright 1996-2005 Kunihiro Ishiguro, et al. > > qemu0# > log info in /var/log/message(or /var/log/auth.log) shows pam_rootok.so return success: > 2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded > > 4) pam_unix.so > the content of common-auth are shown at section "Common configure files" > comment the configure file quagga pam_rootok.so line, because it will make pam return success: > #auth sufficient pam_rootok.so > and modify the pam_unix.so line in common-auth to remove nullok_secure: > auth [success=1 default=ignore] pam_unix.so debug > > 5) run commands with invalid password: > root@qemu0:~# vtysh > Password: > root@qemu0:~# > log in /var/log/message(or /var/log/auth.log): > 2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost= user=root > > //Hongxu > > > The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010: > > dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500) > > are available in the git repository at: > > git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam > http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam > > Hongxu Jia (1): > quagga: add pam support for vtysh > > meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++ > meta-networking/recipes-protocols/quagga/quagga.inc | 13 ++++++++++++- > 2 files changed, 25 insertions(+), 1 deletion(-) > create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 0/1] quagga: add pam support for vtysh 2013-11-08 4:32 [PATCH 0/1] quagga: add pam support for vtysh Hongxu Jia 2013-11-08 4:32 ` [PATCH 1/1] " Hongxu Jia 2013-11-08 8:34 ` [PATCH 0/1] " Hongxu Jia @ 2013-11-26 16:23 ` Joe MacDonald 2 siblings, 0 replies; 6+ messages in thread From: Joe MacDonald @ 2013-11-26 16:23 UTC (permalink / raw) To: openembedded-devel [-- Attachment #1: Type: text/plain, Size: 2625 bytes --] The latest (and slightly tweaked to resolve a trivial conflict) version merged. Thanks. -J. [[oe] [PATCH 0/1] quagga: add pam support for vtysh] On 13.11.08 (Fri 12:32) Hongxu Jia wrote: > Test Case: > 1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with > quagga. > > 2. On target: > 1) cat /etc/pam.d/guagga > # > # The PAM configuration file for the quagga `vtysh' service > # > > # This allows root to change user infomation without being > # prompted for a password > auth sufficient pam_rootok.so > > # The standard Unix authentication modules, used with > # NIS (man nsswitch) as well as normal /etc/passwd and > # /etc/shadow entries. > auth include common-auth > > 2) add option debug to pam_rootok.so > auth sufficient pam_rootok.so debug > > 3) pam_rootok.so > run command vtysh as root, enter qemu0#: > root@qemu0:~# vtysh > > Hello, this is Quagga (version 0.99.21). > Copyright 1996-2005 Kunihiro Ishiguro, et al. > > qemu0# > log info in /var/log/message(or /var/log/auth.log) shows pam_rootok.so return success: > 2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded > > 4) pam_unix.so > the content of common-auth are shown at section "Common configure files" > comment the configure file quagga pam_rootok.so line, because it will make pam return success: > #auth sufficient pam_rootok.so > and modify the pam_unix.so line in common-auth to remove nullok_secure: > auth [success=1 default=ignore] pam_unix.so debug > > 5) run commands with invalid password: > root@qemu0:~# vtysh > Password: > root@qemu0:~# > log in /var/log/message(or /var/log/auth.log): > 2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost= user=root > > //Hongxu > > > The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010: > > dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500) > > are available in the git repository at: > > git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam > http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam > > Hongxu Jia (1): > quagga: add pam support for vtysh > > meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++ > meta-networking/recipes-protocols/quagga/quagga.inc | 13 ++++++++++++- > 2 files changed, 25 insertions(+), 1 deletion(-) > create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam > -- -Joe MacDonald. :wq [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 205 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2013-11-26 16:23 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-11-08 4:32 [PATCH 0/1] quagga: add pam support for vtysh Hongxu Jia 2013-11-08 4:32 ` [PATCH 1/1] " Hongxu Jia 2013-11-08 5:08 ` Rongqing Li 2013-11-08 8:30 ` Hongxu Jia 2013-11-08 8:34 ` [PATCH 0/1] " Hongxu Jia 2013-11-26 16:23 ` Joe MacDonald
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.